Security of data on server should be documented #5383

@fortran77

A Copay wallet causes some data to be stored on a server. It's already documented that the seed words never leave the user's wallet, and it's also documented (I don't recall exactly where) that a master public key is stored unencrypted on the server.

I don't believe the documentation tells us if other ancillary data (see below) are stored encrypted on the server.

The following could be encrypted on the user's device using a key derived from the seed words (so the key would be accessible only to the user and to nobody else) (at least for 1:1 wallets, if not for all wallets) before being transmitted to the server:

  • Wallet name
  • Descriptions attached to transactions
  • Comments attached to transactions

The following could be encrypted on the user's device using the server's public key before being transmitted to the server:

  • Information about the device (e.g., Android release, phone hardware type, ...) on which Copay wallet is running.

The following could be encrypted on the server using the server's public key before being stored:

  • IP address and connection timestamp of wallets connecting to server

It would be useful for users to know which of the above, if any, are accessible to anybody hacking the server.
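
The first proposal in the issue (encrypting the wallet name and transaction notes on the device with a key derived from the seed) can be sketched as follows. This is an added example, not part of the original issue and not Copay's or its server's code. The HKDF label, field names, and the sample seed are assumptions constructed for illustration.

```javascript
const crypto = require('crypto');

// Hypothetical domain-separation label; not a value taken from Copay.
const INFO = Buffer.from('example/wallet-metadata/v1');

// Derive a 256-bit metadata key from the wallet seed with HKDF-SHA256.
// The server never holds the seed, so it cannot recompute this key.
function deriveMetadataKey(seed) {
  return Buffer.from(crypto.hkdfSync('sha256', seed, Buffer.alloc(0), INFO, 32));
}

// Encrypt one field on the device with AES-256-GCM. The field name is bound
// as associated data so a ciphertext cannot be moved to another field unnoticed.
function encryptField(key, fieldName, plaintext) {
  const nonce = crypto.randomBytes(12); // fresh per message, never reused with a key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(fieldName, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Layout of the stored blob: nonce (12) || tag (16) || ciphertext
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]).toString('base64');
}

// Returns the plaintext, or null if the key, field name, or blob does not verify.
function decryptField(key, fieldName, blob) {
  const raw = Buffer.from(blob, 'base64');
  if (raw.length < 28) return null; // too short to hold nonce and tag
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(fieldName, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  try {
    return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
  } catch (e) {
    return null; // authentication failed: wrong key, wrong field, or tampering
  }
}

// Constructed sample seed (64 bytes of 0x01) standing in for the real wallet seed.
const seed = Buffer.alloc(64, 1);
const key = deriveMetadataKey(seed);

// What the server would store: opaque blobs only.
const stored = {
  walletName: encryptField(key, 'walletName', 'Savings'),
  txNote: encryptField(key, 'txNote', 'Rent for March'),
};
console.log(stored);
console.log(decryptField(key, 'walletName', stored.walletName));
```

Someone who obtains the stored record without the seed still sees ciphertext lengths and which fields are present, so those remain metadata the server can observe.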
